[dismay]

Not sure where to post this, but could anyone breakdown this command?

note, these are not real IP addresses



How did the get the values of 99 99 00 00?

Here was the write-up to solve this problem, but I still can't see how 99x2 and 0x2 came into play,
here is the write up


What should I research to understand this? Has anybody had experience in Netcat?

Here are the full write ups https://www.cyberchallenge.com.au/pdf/Cy...utions.pdf (Page 19)

[darkninja1980]

Not sure where to post this, but could anyone breakdown this command?

note, these are not real IP addresses



How did the get the values of 99 99 00 00?

Here was the write-up to solve this problem, but I still can't see how 99x2 and 0x2 came into play,
here is the write up


What should I research to understand this? Has anybody had experience in Netcat?

Here are the full write ups https://www.cyberchallenge.com.au/pdf/Cy...utions.pdf

you posted this in the right area.

[dismay]

After some reading, one of our team members found out it was just a simple buffer overflow. I believe he said it had something to do with the Heartbleed exploit.

I should have explained it a bit better here, but that's okay, our team got it to work and thanks anyways

[Cr3aTor]

Good to hear that you answered your questions, I was going to say that it's maybe a bufferoverflow.
Anyway, you are part of a CTF team?

[dismay]

Good to hear that you answered your questions, I was going to say that it's maybe a bufferoverflow.
Anyway, you are part of a CTF team?

Yes, to get Australian IT noobies like me and grey/black hat hackers from collages and universities into whitehat pen-testing and infosec for large corporations, our Government have created a challenge over a 24 hour duration to pretty much compete other teams of 4 students. I believe there are more than 150 teams this year. It starts in a few weeks but in the mean time, our team have been studying and practicing hard during our break, mainly due to knowing what things are, but not knowing how to do it, e.g buffer-over flow, XSS etc. A lot of our personal time have been put into this, but it's a great experience and it's a field I want to grow into.

You can see the 2017 CySca challenge for yourself here: https://www.cyberchallenge.com.au/2017/i...index.html

[Cr3aTor]

Yes, to get Australian IT noobies like me and grey/black hat hackers from collages and universities into whitehat pen-testing and infosec for large corporations, our Government have created a challenge over a 24 hour duration to pretty much compete other teams of 4 students. I believe there are more than 150 teams this year. It starts in a few weeks but in the mean time,

It's pretty awesome that the Government create such activities.

our team have been studying and practicing hard during our break, mainly due to knowing what things are, but not knowing how to do it, e.g buffer-over flow, XSS etc. A lot of our personal time have been put into this, but it's a great experience and it's a field I want to grow into.

Good to hear that more and more people want to learn the "black magic" of how computers work and how to exploit them. I would suggest that each one of you to specialize in something (RE, Web Security, Forensics, Exploit Dev, etc) and then group all the skills together. This would be just a temporary solution to participate at the challenge because, afterwards you could look more in depth for each one of these.
CTFs are definitely a good way to expand your knowledge and to have fun at the same time. I made a thread with a few CTF sites that maybe would help.
Good luck and I hope you will have an interesting journey!